An HNB is a small, low-power base station that is installed in homes, offices and other indoor places to provide users with a higher service rate, to reduce the cost of using high-rate services, and to make up for the coverage shortcomings of the existing distributed cellular radio communication system. The advantages of the HNB include economy, convenience, low power output, plug-and-play operation and so on.
FIG. 1 is a schematic diagram illustrating the network topology of an HNB. As shown in FIG. 1, an HNB Access Network (HNB AN) consists of HNBs and an HNB Gateway (HNB GW), and the HNBs are connected to a core network via the HNB AN. The main functions of the HNB GW are to validate the security of the HNBs, to process the registration and access control of the HNBs, to perform Operation, Administration and Maintenance on the HNBs, to configure and control the HNBs according to the requirements of the operators, to exchange data between the core network and the HNBs, and so on.
HNBs further include the Home Evolution Node B (HeNB), which can be connected directly to the core network without using the HNB GW.
As a resource dedicated to private subscribers, an HNB may be installed in a home, a group, a company, a school or another private place. Several cells covered by an HNB form an HNB coverage area, and an HNB is accessible only to authorized HNB subscribers, such as family members, group members and the like. The cell of a common base station, that is, a Node B (NB) or an Evolution Node B (eNB), provides services for all subscribers, whereas the cell covered by an HNB provides services only for the authorized subscribers; the cell covered by an HNB is therefore referred to as a Closed Subscriber Group (CSG) cell.
According to the access mode, HNBs are divided into three types: a closed authorization mode, in which the CSG cell covered by an HNB is accessible only to authorized CSG User Equipment (CSG UE) and not to unauthorized UE; a hybrid authorization mode, in which the CSG cell covered by an HNB is also accessible to unauthorized UE, which has limited use authority; and an open authorization mode, in which the CSG cell covered by an HNB is accessible to all UE. The list of CSG IDs of the HNBs to which the CSG cells accessible to a UE belong is known as a White List, which is stored in the user database of the core network. When a UE wishes to access a CSG cell, the source net element, which is an NB or an HNB herein, reports the CSG ID of the CSG cell to the core network. The core network then determines whether the White List of the UE contains the CSG ID; if so, it allows the access of the UE, and otherwise it rejects the access request of the UE. Such access control is referred to as CSG-based access control.
In the prior art, there are two ways for a UE to access a cell: one is to access a target cell directly, and the other is to be handed over to the target cell from another cell. FIG. 2 is a schematic diagram illustrating the flow of a cell handover of a UE at the network side in the prior art. As shown in FIG. 2, a source net element initiates the cell handover of the UE and sends a UE handover (relocation) required message to the core network. After receiving the message, the core network determines the position of the target HNB according to the target HNB information contained in the UE handover required message, and then sends the handover (relocation) required message to the target HNB. The target HNB reads the information in the UE handover required message, determines whether to allow the access of the UE, and then returns a UE handover required success/failure response message to the core network. After receiving the success response message, the core network sends a handover command to the source net element; the subsequent cell access flow of the UE then continues between the net elements, and the handover process of the UE is started at the air interfaces. An HNB GW exists between the core network and the HNB, and in this process it only routes and forwards messages.
It can be seen from the above flow that a UE can also access a cell through a handover process. As required for a CSG cell, the core network performs access control before the UE enters and operates in the CSG cell, and rejects the handover process if the CSG cell is not listed in the White List of the UE. However, when an HNB is connected with the core network via an HNB GW, the core network treats the HNB GW as a big Radio Network Controller (RNC) or base station. As the HNB GW may manage many HNBs, what the core network sees in place of the individual HNBs is a single RNC or base station supporting multiple CSGs. The core network has only the authorization information corresponding to the HNB GW, and no information about the individual HNBs or their authorization, such as the one-to-one correspondence between a CSG ID and an authorization mode. When a UE requires a handover to an HNB under the HNB GW, the core network performs access control according to the CSG ID and the authorization mode reported by the UE. As the core network has no one-to-one correspondence between the HNB and the authorization information, the UE can fraudulently report a CSG ID in its own White List as long as the CSG ID belongs to an HNB under the HNB GW, or fraudulently report the access mode of the CSG cell as hybrid mode or open mode. Through such means, the UE can fraudulently pass CSG access control at the core network side and access a CSG cell that is actually not authorized for the UE. The reason for such security problems is that, when an HNB is connected with the core network via an HNB GW, the core network treats the HNB GW as a big HNB and has no specific authorization information corresponding to each HNB. As a consequence, the core network performs access control on an HNB under the HNB GW depending only on the information reported by the UE, and the aforementioned potential safety hazards occur if the UE reports dishonestly.
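The gap described above, as an added example that is not part of the original document: a toy model of CSG-based access control that trusts the reported CSG ID and access mode, next to a check that first compares the report with a per-HNB record and flags the difference. The per-HNB registry, the idea that it is filled at HNB registration, and every identifier are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; every identifier below is hypothetical.
WHITE_LIST = {"ue-1": {"csg-A"}}  # core network: UE -> CSG IDs it may access
# Assumed per-HNB records (CSG ID, access mode), e.g. kept at HNB registration.
HNB_REGISTRY = {
    "hnb-1": ("csg-A", "closed"),
    "hnb-2": ("csg-B", "closed"),
    "hnb-3": ("csg-C", "hybrid"),
}

@dataclass(frozen=True)
class HandoverRequest:
    ue: str
    target_hnb: str
    reported_csg_id: str
    reported_mode: str  # "closed", "hybrid" or "open"

def core_network_check(req: HandoverRequest) -> bool:
    """CSG-based access control that trusts the reported CSG ID and mode."""
    if req.reported_mode in ("hybrid", "open"):
        return True  # non-members are admitted in these modes
    return req.reported_csg_id in WHITE_LIST.get(req.ue, set())

def verified_check(req: HandoverRequest) -> bool:
    """Reject reports that differ from the target HNB's record, then apply CSG control."""
    if HNB_REGISTRY.get(req.target_hnb) != (req.reported_csg_id, req.reported_mode):
        return False
    return core_network_check(req)

def flag_mismatches(requests):
    """Return requests the trusting check admits but the verified check rejects."""
    return [r for r in requests if core_network_check(r) and not verified_check(r)]

SAMPLE_REQUESTS = [  # constructed handover requests
    HandoverRequest("ue-1", "hnb-1", "csg-A", "closed"),  # accurate, member
    HandoverRequest("ue-1", "hnb-2", "csg-B", "closed"),  # accurate, not a member
    HandoverRequest("ue-1", "hnb-3", "csg-C", "hybrid"),  # accurate, hybrid cell
    HandoverRequest("ue-1", "hnb-2", "csg-A", "closed"),  # CSG ID differs from record
    HandoverRequest("ue-1", "hnb-2", "csg-B", "open"),    # mode differs from record
]

if __name__ == "__main__":
    for r in flag_mismatches(SAMPLE_REQUESTS):
        print("mismatch:", r)
```

The last two sample requests pass the trusting check because nothing ties the reported values to the target HNB; the comparison against the per-HNB record is what separates them from the accurate reports.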